"portscans" (was Re: Arbor Networks DoS defense product)

Greg A. Woods woods at weird.com
Sun May 19 20:48:15 UTC 2002


[ On Sunday, May 19, 2002 at 14:14:18 (-0400), Allan Liska wrote: ]
> Subject: Re[8]: "portscans" (was Re: Arbor Networks DoS defense product)
>
> However, if the same
> network is continuously portscanning your network that network should
> be stopped.

Unless you're also a tier-1 kind of provider you don't usually get to
control the AUP for other networks unrelated to your own.

How do you propose to resolve a fundamental conflict between your own
users' need to access the content on a network that also happens to be
regularly scanning your network?  Unless real damage is done you
probably don't even have any recourse under the law, even if you do
happen to be in the same jurisdiction (and heaven help us should any
such recourse ever become possible in the free world!).

Unless you expect to be vulnerable to attack and thus really need to
have a record of past scans in case they can be used in evidence; or
maybe unless you're doing research into scanning activities; even
keeping long-term logs of all scans becomes more of a burden than it's
worth.

"You will be scanned.  Resistance is futile!"  I.e. get over it!  ;-)

(Actually, that's not as bad of an analogy -- look at how active scans
are handled in science fiction, such as in Star Trek.  Sometimes they're
treated as hostile, sometimes not.  Scans aren't just used to target
weapons -- they're also used to detect life signs on rescue missions!
Certainly unless the captain is scared witless he or she has never held
back on doing an active scan when information is needed, and when he or
she is scared of detection a variety of "stealth scans" are often still
attempted.)

-- 
								Greg A. Woods

+1 416 218-0098;  <gwoods at acm.org>;  <g.a.woods at ieee.org>;  <woods at robohack.ca>
Planix, Inc. <woods at planix.com>; VE3TCP; Secrets of the Weird <woods at weird.com>


